Lucene search
K

244 matches found

NVD
NVD
added 4 days ago5 views

CVE-2025-11977

The Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.26.12 via the happyformsgetformpartial function. This makes it possible for authenticat...

6.6CVSS0.00516EPSS
Exploits0References4
CVE
CVE
added 4 days ago14 views

CVE-2025-11977

The CVE-2025-11977 entry concerns the WordPress plugin Happyforms – Form Builder for WordPress (drag & drop forms, surveys, payments, multipurpose forms). A Local File Inclusion vulnerability exists in all versions up to and including 1.26.12 via the happyforms_get_form_partial() function. Exploi...

6.6CVSS6.5AI score0.00516EPSS
Exploits0References4
NVD
NVD
added 5 days ago8 views

CVE-2026-59827

Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including the default sample database, deserialize arbitrary Java objects returned in H2 native query result columns ...

9.9CVSS0.00447EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42525

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the 'logKey' parameter parameter. This makes it possible for authenticated attackers, with administrator-leve...

6.6CVSS6.5AI score0.0071EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55303

Name of the Vulnerable Software and Affected Versions ntopng versions prior to 6.7 Description Predictable session identifiers can lead to session hijacking. The issue occurs because HTTP session identifiers in the src/HTTPserver.cpp file use weak time-seeded pseudo-randomness during session...

9.8CVSS5.9AI score0.00379EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/20 11:57 a.m.11 views

EUVD-2026-38110

A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS6.1AI score0.01569EPSS
Exploits6References1
EUVD
EUVD
added 2026/06/12 1:52 p.m.16 views

EUVD-2026-36430

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

9.8CVSS6.1AI score0.04591EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-9645

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root...

9.9CVSS6AI score0.00316EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:49 p.m.11 views

CVE-2026-49493

Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...

8.8CVSS5.9AI score0.00327EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-47024

Name of the Vulnerable Software and Affected Versions Markdown Preview Enhanced versions prior to 0.8.28 Description The software parses Bitfield fenced code blocks using the interpretJS function, which evaluates the block content as code via vm.runInNewContext. This allows for arbitrary code...

8.8CVSS6.2AI score0.00327EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/29 2:46 p.m.13 views

EUVD-2018-21910

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksifoto.php, aksiuser.php, and aksikecamatan.php to execute arbitrary...

8.8CVSS6.3AI score0.00519EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.9 views

CVE-2018-25388 HaPe PKH 1.1 Arbitrary File Upload via aksi_foto.php

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksifoto.php, aksiuser.php, and aksikecamatan.php to execute arbitrary...

8.8CVSS6.3AI score0.00519EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-44866

HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi foto.php, aksi user.php, and aksi kecamatan.php to execute arbitra...

8.8CVSS6.3AI score0.00519EPSS
Exploits0References5
CVE
CVE
added 2026/05/29 12:0 a.m.28 views

CVE-2026-39276

The CVE-2026-39276 vulnerability affects Emlog Pro v2.6.9, where the template upload feature is vulnerable to path traversal. An authenticated administrator can upload a crafted ZIP archive containing directory traversal sequences in filenames, enabling arbitrary PHP code execution. This can resu...

7.2CVSS6.1AI score0.00782EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/27 5:31 a.m.21 views

CVE-2026-9200

CVE-2026-9200 affects the WordPress Query Shortcode plugin, vulnerable up to version 0.2.1. The vulnerability exists in the shortcode function, enabling Local File Inclusion. An authenticated attacker with contributor-level access or higher could include and execute arbitrary PHP files on the ser...

7.5CVSS6.4AI score0.00495EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/26 6:40 p.m.8 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the debugMode process. An attacker can obtain sensitive server-side source code and file contents by provoking a runtime error in a served script. Remediation Upgrade github.com/xyproto/algernon/engine to versio...

8.7CVSS5.9AI score0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 4:27 a.m.12 views

EUVD-2026-31062

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
NVD
NVD
added 2026/05/14 3:16 p.m.50 views

CVE-2026-41937

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

8.6CVSS0.00403EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 12:29 p.m.17 views

CVE-2026-3425

The vulnerability CVE-2026-3425 affects the RTMKit Addons for Elementor WordPress plugin and is exploitable via a Local File Inclusion (LFI) flaw in all versions up to 2.0.2. The issue is triggered through the path parameter of the get_content AJAX action, allowing authenticated users with Author...

8.8CVSS6.4AI score0.00625EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 9:21 p.m.9 views

Arbitrary Code Injection

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection in the directInstall process. An attacker can execute arbitrary code on the server by uploading a specially crafted Z...

9.1CVSS6.3AI score0.03934EPSS
Exploits4References2
Rows per page
Query Builder